1

I want to be able to format my string and replicate the same code (not for an attack, but for a demo):

window.onload = function() {
     alert("hello Silly");
     var attack = [
        'window.onload = function() {',
        '   alert("hello Silly");',
        '    var attack = [',
        '    ];',
        '    var profile = new String();',
        '    for (var i = 0; i < attack.length; i++) {',
        '       profile += attack[i];',
        '    }',
        '    console.log(profile);',
        '}'
     ];

     var profile = new String();
     for (var i = 0; i < 3; i++) {
         profile += attack[i];
     }
     for (var i = 0; i < attack.length; i++) {
         profile += attack[i];
     }
     for (var i = 4; i < attack.length; i++) {
         profile += attack[i];
     }
     console.log(profile);
}

The idea is to make the script recursively able to execute itself, at an injection for example ... However I'm afraid I'm missing the recursive step in the replication ...

** Edit ** As per suggestion, I added most of the code, however I still missing the recursive step ... how can I replicate the attack to the attack string?

cybertextron
  • 10,547
  • 28
  • 104
  • 208
  • 1
    What exactly do you want to recurse into here? You only seem to try to call two different URLs. – Tomalak May 09 '15 at 03:29
  • @Tomalak: It was a typo ... I pretty much to be able to have that script to replicate itself as a string ... make sense? – cybertextron May 09 '15 at 03:32
  • @philippe, what you're trying to do is called a "quine". – zzzzBov May 09 '15 at 03:33
  • @zzzzBov Could you give me more details how can I accomplish that? – cybertextron May 09 '15 at 03:33
  • 3
    @philippe I had hoped, given your reputation, that you'd be able to do your own research once given the appropriate term. I recommend using a search engine or [wikipedia](http://en.wikipedia.org/wiki/Quine_%28computing%29). – zzzzBov May 09 '15 at 03:36
  • From experience though, I will say that a convenient quine pattern is where you store the script as a string, and then print it twice, once quoted, once unquoted. – zzzzBov May 09 '15 at 03:40
  • Your `params` isnt formatted correctly, it should be in key-value pair format ie `data=something&something=this`, or use a FormData object and pass that. Also you cannot do [multiline string](http://stackoverflow.com/questions/805107/creating-multiline-strings-in-javascript) without doing escapes at the end of the line (you should be getting errors on the console) – Patrick Evans May 09 '15 at 03:41
  • @PatrickEvans I'm still trying to figure out how to make que quine work :-D – cybertextron May 09 '15 at 03:43
  • Well if part of making the quine work is sending the code string to the server than you need to format the params correctly first so the request will go through – Patrick Evans May 09 '15 at 03:45
  • @PatrickEvans Could you take a look at the changes made? – cybertextron May 09 '15 at 04:06

0 Answers0